Multi cloud and security insights - tackling the complexities

For many businesses, it’s no longer a question of whether to adopt the cloud, but rather how to deliver cloud solutions securely. Many organisations recognise the need to make security central to their strategic business goals, but how?

In this blog, I’ll unravel the security implications of multi cloud and share practical insights on tackling the complexities, such as achieving organisational alignment and understanding security across multiple clouds.

Forget ‘lift and shift’

The consensus is that traditional non-cloud security approaches won’t necessarily protect organisations using the cloud.  And if you do end up ‘lifting and shifting’ procedures once workflows move to the cloud, expect gaps in coverage and an ability to operate securely. Such procedures struggle to deal with the agility and speed that cloud offers. Security must adapt and become equally flexible to shed the perception of being ‘a necessary evil,’ or ‘something we must do’.

Many see security as enabling business, not stopping progress. By taking away the risk to data and workflows moving across multiple cloud services, innovation is possible without taking chances on governance. This protects reputations and supports revenues in the long term.

Avoid business strategy and security strategy mismatches

An extension of the restrictive ‘lift and shift/we’ve always done it this way’ mentality some professionals are challenging, is the ‘retrofit’ mindset. This is where security must be engineered into business strategy.

Security is enhanced and solutions more coherent when the CISO is plugged into the highest level of business strategy, from the onset. Some of the work here will be about analysing proposed strategies against the current security gaps, then developing bespoke solutions concurrently to support the business strategy.

When CISOs secure a seat at the strategy table, they need to be prepared to be more ‘business-orientated’ and take security ‘out of the corner.’ For some, that means giving more thought to how they’re going to reposition security as enabler, not a blocker.

Security, not compliance, first

Leading with security makes you more compliant. Leading with compliance does not make you more secure.

We’d argue that businesses wed to ‘compliance-first’ postures could be more vulnerable to attack. Conversely, shooting for a gold standard in data security as your top priority will have the natural consequence of generating compliance as a by-product.

Secure the supply chain

Working with multiple cloud vendors and related third parties can complicate the picture on governance. It’s important to understand the shared responsibilities around keeping your data safe, as it flows across various services.

A gap analysis is valuable, as is an appreciation that securing the supply chain is about far more than switching on the native security features of cloud platforms. While these are often compelling, businesses need oversight of where those shared responsibilities begin and end along the supply chain.

Create a ‘single pane of glass’ on security

This ‘single pane of glass’ was discussed by our dinner guests, many of whom saw the value of working in partnership with specialist security professionals. This can mitigate security fears whilst enabling higher standards of compliance and greater innovation. It may also provide a clearer view of the supply chain.

Learn from others

Look at your competitors’ cloud enablements – see what you can find on what went well and not so well. These lessons are likely to include avoiding vendor lock-in - this is simply no longer necessary in the multi cloud world. There may be those who go along with 3-5-year contracts because, ‘We’ve always done it that way,’ or prefer a single platform solution to avoid complexity. However, this complexity can be mitigated using a specialist hosting partner. In addition, multi cloud can prove to be more secure, providing data is spread across multiple environments.

 

@rackspaceUK

LinkedIn

 

To read more from techUK's Cloud Week, visit our landing page

  • Sue Daley

    Sue Daley

    Associate Director, Technology & Innovation
    T 020 7331 2055
  • Katherine Mayes

    Katherine Mayes

    Programme Manager | Cloud, Data, Analytics and AI
    T 020 7331 2019

Share this

FROM SOCIAL MEDIA

Last week was a busy, exciting one at #DLWeek. Make sure you have a read of our roundup of highlights here where we… https://t.co/p6YIyq9jxY
Our head of local public services @GeorginaMarath writes for @GovBusiness on making place based approaches a realit… https://t.co/s3DjtbElYs
Guest blog by Jay Chinnadorai @informetis and Chair of the Connected Home Working Group provides an overview of wha… https://t.co/75UEtsJIop
#ConnectedHome19 LAUNCH TOMORROW 🥳 Industry 🚦 Knowledge 🔝 Ownership 🧐 Control ☎️ Confidence💗 Cost📈 Panel… https://t.co/wGOCTNXt00
On Sunday, @techUK celebrated International Women in Engineering Day where we looked at how to #TransformTheFuture.… https://t.co/LVB0wUmk9E
In this blog our Craig Melson @techUK flicks through tonight’s TV guide on how connectivity changed our entertainme… https://t.co/rKd5zHMExN
Become a Member
×

Become a techUK Member

By becoming a techUK member we will help you grow through:

Click here to learn more...